Download drupal-7.26.tar.gztar.gz 3.06 MB
MD5: 740bd57f524b8ac18a203b663ca1329d
SHA-1: fc2ae1c1d2e60f846a56253191f87cc79585fbb3
SHA-256: 8ec209228d1bfde68d3a2083aeefff1a874a6ffef3df605bd721e0bae650585d
Download drupal-7.26.zipzip 3.49 MB
MD5: 1732bc1d5a6bc50f21dc16f9f6e64ad3
SHA-1: d568e3ad39428e8a8662fefecbf2848c01829c47
SHA-256: 659dec886c08c1390320b0e58cde902b8f661d1840bb4275acff61844fc0e7f6

Release info

Created by: David_Rothstein
Created on: 15 Jan 2014 at 19:54 UTC
Last updated: 18 Oct 2017 at 16:40 UTC
Core compatibility: 7.x
Release type: Security update

Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

No other fixes are included.

No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.

Known issues:

On sites with a very large number of unpublished nodes in the database, the Taxonomy module update function introduced in this release may take a very long time to run and consume an excessive amount of memory; see this issue. The solution is to upgrade directly to Drupal 7.28 instead.

Major changes since 7.25:

  • The database schema of the OpenID module's "openid_association" table has changed in this release (the "idp_endpoint_uri" column is now the primary key, rather than the "assoc_handle" column). During the update all existing entries in this table will be removed, but the table only stores temporary data and therefore the change is not expected to affect site operation or OpenID logins.
  • A new, optional $form_state['programmed_bypass_access_check'] element has been added to the form API, for use with drupal_form_submit(). If this is provided and set to FALSE, drupal_form_submit() will perform the normal form access checks against the current user while submitting the form, rather than bypassing them like it normally does for programmatic form submissions. Any code which passes untrusted data (provided by the current user) to drupal_form_submit() is recommended to use this parameter for security reasons.


The selected release is the release that will be used for automated testing. Optional projects are only used for testing.


No required projects


No optional projects